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FINAL ACTION 

1 . This action is in response to amendment filed 4/27/201 0. Claims 69-72 are 
cancelled. Claims 63-68 are pending. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

2. Claims 63-66 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Toh (US Patent Publication No. 2002/0004902) in view of Haber et al. (US 
Patent No. 5,781 ,629 and Haber herenafter). 

3. As to claim 63, Toh teaches a method of permitting authentication of data 
comprising: (a) storing copies of a plurality of data items (e.g., ... local storage 
[par. 36]); (d) transmitting said single hash value to a remote location (e.g., 
Operation Center) (i.e.,... teaches sending encrypted hash of the data package to 
Operation Center [par. 58]), via an information technology communications 
network [fig. 2]; 
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Toh does not teach: (b) generating a first data file comprising a respective hash 
value of each said plurality of stored data items; (c) generating a single hash 
value of said first data file derived from said hash values of said plurality of stored 
data items; (e) creating at said remote location a second data file comprising said 
single hash value and one or more additional data items relating to said single 
hash value; (f) generating a hash value for said second data file; and (g) 
publishing said hash value for said second data file in a journal for authenticating 
said second data file, (h) authenticating said second data file by generating a 
hash value for said second data file and comparing the hash value for the second 
data file generated in (h) with the hash value for said second data file published 
in said dated journal. 

However, these features are well known in the art and would have been an 
obvious modification of the system disclosed by Toh as introduced by Haber. 
Haber discloses: (b) generating a first data file comprising a respective hash 
value of each said plurality of stored data items (to generate a data structure 
(e.g., table) comprising hash values of data items [col. 5, lines 52-56]); (c) 
generating a single hash value of said first data file derived from said hash 
values of said plurality of stored data items (to generate a single hash linked to a 
number of hash values [col. 3, lines 60-67]); (e) creating at said remote location 
(e.g., service bureau) a second data file comprising said single hash value and 
one or more additional data items relating to said single hash value (to provide 
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the capability to create a second document (e.g., second data file) at a remote 
location [col. 5, lines 44-48]); 

(f) generating a hash value for said second data file (to provide the 
capability to generate a hash value for the second document [col. 5, lines 45- 
50]). (g) publishing said hash value for said second data file in a journal for 
authenticating said second data file (to provide the capability to publish a hash 
value [col. 6, lines 45-60]). (h) authenticating said second data file by generating 
a hash value for said second data file and comparing the hash value for the 
second data file generated in (h) with the hash value for said second data file 
published in said dated journal (to provide authentication capability involving 
computing a hash a secondary hash of a stored data item [col. 6, lines 65-67; col. 
7, lines 1-5]). 

Therefore, given Toh's ability to transmit a hash to a remote location, a person 
having ordinary skill in the art at the time of the invention would have recognized 
the desirability and advantage of modifying Toh to enhance hash maintainability 
by employing the well known feature of publishing hash values as disclosed 
above by Haber. 

4. As to claim 64, Toh teaches a method where said first data file is 
generated in (b) at the end of a predetermined time period (par. 86). 
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5. As to claim 65, Toh teaches a method where: said first data file (e.g., 
delivery) contains at least one identifier selected from the group consisting of a 
Application/Control Number: 10/519,827 Page 11 Art Unit: 2431 file name, a 
path name, a file size and a time stamp (i.e., ... teaches delivery content 
including header information (e.g., address information) [par. 67]). 

6. As to claim 66, Toh teaches a method where least one of said first data 
items comprises a message to be transmitted from a sender to a receiver [par. 
67]. 

7. Claims 67 and 68 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Toh. 

8. As to claims 67, Toh teaches a method further comprising: the sender 
generating a first hash value of said message (i.e., ...teaches the sender 
generating a hash value of the data to be transmitted [par. 58]); the sender 
encrypting said message with a first secret key and producing a second hash 
value from said encrypted message (i.e., .. teaches performing an encryption 
operation before sending the message [par. 58]); the sender encrypting said first 
secret key with a second secret key (i.e., ...teaches the receiver receives an 
encrypted document decryption key [par. 67]); the sender transmitting to the 
receiver said encrypted message, said encrypted first secret key (e.g., encrypted 
document decryption key) and said first hash value (i.e., .. teaches the sender 
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sending the encrypted data [par. 67] ...the encrypted data comprising a message, 
a decryption key, and hash value [par. 67]); the sender transmitting said second 
hash value and said second secret key to a third party (i.e., ...teaches a third 
party receives an hash value and encrypted message [par. 58]); the receiver 
(e.g., OC) receiving said encrypted message and generating a purported copy of 
said second hash value of said encrypted message (i.e., ...teaches the receiver 
receiving the encrypted message, decrypting the message and performing a 
hash operation [par. 67]); the third party determining whether the purported copy 
matches said second hash value (i.e., ..teaches a third party comparison 
operation between hashes [par. 58]); and the third party then releasing said 
second key if a match is so determined (i.e., ...teaches upon successful 
verification of hash key information then delivered to the recipient [par. 67]). 

Toh does not expressly teach as claimed: the third party storing the transmitted 
second hash value and second secret key for audit purposes; However given 
Toh's disclosure of a third party performing a hash operation for the purpose of 
validation comparison, this would imply to those skilled in the art that Toh would 
have to have previously stored a hash value in order to have a hash value to 
compare too [par. 58]. 

Therefore this would also imply that inherent to Toh's hash capability is Toh's 
ability to store a given hash value at a third party. The audit element of 
applicant's claim limitation indirectly is related to Toh disclosing the ability to 
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maintain hash values for the purpose of validation comparison. Also, Toh does 
teach storing key data (e.g., secret key) [par. 69]. The key data Toh discloses is 
from both sender and receiver. Therefore given the implied teachings of Toh in 
this regard, one of ordinary skill in the art would recognize the benefit of storing 
hash values to enhance the hash comparison process. Toh does not expressly 
teach as claimed: the receiver transmitting the purported copy of said second 
hash value to the third party, However Toh does disclose the ability to exchange 
data between a receiver and third party for verification purposes and the ability 
for the receiver to perform a hash operation on received data (e.g., second hash 
value) [par. 39 & 67]. (The Examiner notes that the specification lacks a specific 
example to clearly interpret this limitation and as such the Examiner has 
interpreted this limitation under the broadest reasonable interpretation and 
consistent with what is common in the art). Consistent with what is known in the 
art, a third party in a message exchange system is commonly used for 
authentication or privacy. Therefore given Ton's teachings of data exchange 
between receiver and third party (e.g.,OC) and the receiver ability to perform a 
hash function, it would have been obvious to those skilled in the art to have a 
receiver possess the ability to send a copy of a generated hash to a third party to 
enhance the message (e.g., second hash value) authentication process. 

9. As to claim 68 , Toh teaches a method where the first secret key is 
symmetric and the second secret key is asymmetric (i.e., .. teaches the use of 
both symmetric and asymmetric keys [par. 28 & 29]). 
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10. Claims 69-72 (Cancelled) 

Response to Arguments 
Examiner Remarks - 112? h 1 st Paragraph Rejection 

The Examiner finds applicant's remarks persuasive and therefore withdraws the 
rejection made under 1 12th 1st paragraph for claims 63, 67, 69 and 72. 

Examiner Remarks - 103(a) Toh in view ofHarber 

The applicant argues: the following: "In contrast, the present invention of 
claim 63 involves transmission to a remote location of a single hash value 
derived from hash values for a plurality of stored data items, whereas Haber 
transmits to a remote location only a single hash value for particular document", 

The Examiner respectfully submits that Harber discloses the following: 
"...the service bureau takes from R hash value a. sub. 5 (FIG. 2B) of document F 
and combines (e.g., concatenates) that value with the hash value a.sub.6 of a 
second document which is the subject matter of a second request for 
certification. At step 14, the service bureau hashes the composite to create a 
new hash value linked to hash values a.sub.5 and a.sub.6 by a one-way hash 
function". Harber further discloses MD5 hash values for the repository of FIG. 3. 
Harber further discloses "...the service bureau calculates a "self-verifying" hash 
values and the location values (e.g., "handedness") of the self-verifying hash 
values for the subject document similar to step 1 7 of FIG. 1 . At step 48, the 
service bureau combines location values and an identifier for root D.sub.1-8 to 
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form a composite similar to FIG. 1 . At optional step 49, the unique name 
generated by step 48 can be further abbreviated to form an even shorter 
"nickname" similar to FIG 1 . ". Additionally, Harber discloses: "the service bureau 

transmits the "name" back to the requester the name comprises the 

combination (e.g., concatenation) of location values (e.g., handedness values) 
with a root identifier (e.g., a root identifier by the time it was published: "Aug. 18, 
1994 7:37:25 AM EDT")". 

The Examiner contends in this instance Harber contemplates creating a hash 
representative of multiple documents by disclosing the process of hashing 
document F with a secondary document. The Examiner further submits Harber 
contemplates sending a hash respective of a plurality of documents by disclosing 
that the service bureau will transmit to the client the hash representative value. 
Therefore in view of the cited teachings of Harber the Examiner finds applicant's 
arguments to be non-persuasive. 



Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of 
time policy as set forth in 37 CFR 1 .1 36(a). 

A shortened statutory period for reply to this final action is set to expire 
THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory 
action is not mailed until after the end of the THREE-MONTH shortened statutory 
period, then the shortened statutory period will expire on the date the advisory 
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action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be 
calculated from the mailing date of the advisory action. In no event, however, will 
the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Contact information 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to BRYAN WRIGHT whose telephone number is 
(571)270-3826. The examiner can normally be reached on 8:30 am - 5:30 pm 
Monday -Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, William Korzuch can be reached on (571) 272-7589. The 
fax phone number for the organization where this application or proceeding is 
assigned is 571-273-8300. 
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